oweals/openssl.git
23 years agoAdd per-SSL 'msg_callback' with 'msg_callback_arg'.
Bodo Möller [Tue, 16 Oct 2001 13:09:24 +0000 (13:09 +0000)]
Add per-SSL 'msg_callback' with 'msg_callback_arg'.
Both have per-SSL_CTX defaults.
These new values can be set by calling SSL[_CTX]_[callback_]ctrl
with codes SSL_CTRL_SET_MSG_CALLBACK and SSL_CTRL_SET_MSG_CALLBACK_ARG.

So far, the callback is never actually called.

Also rearrange some SSL_CTX struct members (some exist just in
SSL_CTXs, others are defaults for SSLs and are either copied
during SSL_new, or used if the value in the SSL is not set;
these three classes of members were not in a logical order),
and add some missing assignments to SSL_dup.

23 years agoUpdate docs.
Dr. Stephen Henson [Tue, 16 Oct 2001 02:22:59 +0000 (02:22 +0000)]
Update docs.

23 years agoRetain compatibility of EVP_DigestInit() and EVP_DigestFinal()
Dr. Stephen Henson [Tue, 16 Oct 2001 01:24:29 +0000 (01:24 +0000)]
Retain compatibility of EVP_DigestInit() and EVP_DigestFinal()
with existing code.

Modify library to use digest *_ex() functions.

23 years agoThe message header for fake SSL 3.0/TLS 1.0 client hellos created from
Bodo Möller [Tue, 16 Oct 2001 00:56:04 +0000 (00:56 +0000)]
The message header for fake SSL 3.0/TLS 1.0 client hellos created from
SSL 2.0 client hellos added with the previous commit was totally wrong --
it must start with the message type, not the protocol version.
(Not that this particular header is actually used anywhere ...)

23 years agoFor consistency, set s->init_num in the 'reuse_message' case
Bodo Möller [Mon, 15 Oct 2001 20:16:36 +0000 (20:16 +0000)]
For consistency, set s->init_num in the 'reuse_message' case
(if s23_srvr.c faked the message, s->init_num is 0).

23 years agoChange ssl3_get_message and the functions using it so that complete
Bodo Möller [Mon, 15 Oct 2001 19:49:25 +0000 (19:49 +0000)]
Change ssl3_get_message and the functions using it so that complete
'Handshake' protocol structures are kept in memory, including
'msg_type' and 'length'.

(This is in preparation of future support for callbacks that get to
peek at handshake messages and the like.)

23 years agomake sure .rnd exists
Bodo Möller [Mon, 15 Oct 2001 17:58:00 +0000 (17:58 +0000)]
make sure .rnd exists

23 years agoFix ssl3_get_message handle message fragmentation correctly.
Bodo Möller [Mon, 15 Oct 2001 17:41:41 +0000 (17:41 +0000)]
Fix ssl3_get_message handle message fragmentation correctly.

23 years agothe previous commit accidentily removed 'ret = 1' from the SSL_ST_OK
Bodo Möller [Mon, 15 Oct 2001 17:40:42 +0000 (17:40 +0000)]
the previous commit accidentily removed 'ret = 1' from the SSL_ST_OK
case of ssl3_accept

23 years agoopenbsd-x86 macros
Ulf Möller [Sun, 14 Oct 2001 00:57:30 +0000 (00:57 +0000)]
openbsd-x86 macros

Submitted by: Toomas Kiisk <vix@cyber.ee>

23 years agoUpdate information as a partial response to the post
Lutz Jänicke [Fri, 12 Oct 2001 12:29:16 +0000 (12:29 +0000)]
Update information as a partial response to the post
  From: "Chris D. Peterson" <cpeterson@aventail.com>
  Subject: Implementation Issues with OpenSSL
  To: openssl-users@openssl.org
  Date: Wed, 22 Aug 2001 16:13:17 -0700
The patch included in the original post may improve the internal session
list handling (and is therefore worth a seperate investigation).
No change to the list handling will however solve the problems of incorrect
SSL_SESSION_free() calls. The session list is only one possible point of
failure, dangling pointers would also occur for SSL object currently
using the session. The correct solution is to only use SSL_SESSION_free()
when applicable!

23 years agoIn certain cases, no encoding has been set up for the b64 filter. In
Richard Levitte [Thu, 11 Oct 2001 19:38:40 +0000 (19:38 +0000)]
In certain cases, no encoding has been set up for the b64 filter.  In
such cases, a flush should *not* attempt to finalise the encoding, as
the EVP_ENCODE_CTX structure will only be filled with garbage.  For
the same reason, do the same check when a wpending is performed.

23 years ago'make update'
Richard Levitte [Wed, 10 Oct 2001 21:52:06 +0000 (21:52 +0000)]
'make update'

23 years agoAdd support for md4WithRSAEncryption.
Richard Levitte [Wed, 10 Oct 2001 21:37:45 +0000 (21:37 +0000)]
Add support for md4WithRSAEncryption.

23 years agoFor systems where gcc is used and where we don't know if GNU ld is
Richard Levitte [Wed, 10 Oct 2001 14:46:41 +0000 (14:46 +0000)]
For systems where gcc is used and where we don't know if GNU ld is
used or not, let's ask collect2 which ld it uses and choose to use the
target do-gnu_shared if GNU ld is used.

This solves the reported problems on Solaris systems where GNU cc is
used but GNU ld isn't, and probably on other systems with similar
setups.

23 years ago'make update'
Richard Levitte [Wed, 10 Oct 2001 08:27:52 +0000 (08:27 +0000)]
'make update'

23 years agoIt seems like gcc does canonicalisation of file names. More
Richard Levitte [Wed, 10 Oct 2001 08:27:28 +0000 (08:27 +0000)]
It seems like gcc does canonicalisation of file names.  More
specifically, a starting './' is removed.  makedepend doesn't do this,
resulting in another possible commit war, so let's fix that by doing a
poor mans canonicalisation of file names that gives the same effect as
doing dependencies through gcc.

23 years ago'make update'
Richard Levitte [Wed, 10 Oct 2001 07:56:20 +0000 (07:56 +0000)]
'make update'

23 years agoTo avoid commit wars over dependencies, let's make it so things that
Richard Levitte [Wed, 10 Oct 2001 07:55:02 +0000 (07:55 +0000)]
To avoid commit wars over dependencies, let's make it so things that
depend on the environment, like the presence of the OpenBSD crypto
device or of Kerberos, do not change the dependencies within OpenSSL.

23 years agomakedepend sometimes produces duplicates. Remove them.
Richard Levitte [Wed, 10 Oct 2001 07:44:54 +0000 (07:44 +0000)]
makedepend sometimes produces duplicates.  Remove them.

23 years agoA few more OIDs, contributed by Peter Sylvester <Peter.Sylvester@EdelWeb.fr>
Richard Levitte [Tue, 9 Oct 2001 15:32:23 +0000 (15:32 +0000)]
A few more OIDs, contributed by Peter Sylvester <Peter.Sylvester@EdelWeb.fr>

23 years agoevp_test.c and evptests.txt both need to be linked in the test/ directory
Geoff Thorpe [Tue, 9 Oct 2001 01:38:31 +0000 (01:38 +0000)]
evp_test.c and evptests.txt both need to be linked in the test/ directory
however for different reasons. This separation should prevent the win32
build from interpreting evptests.txt as source code.

23 years agoChange some EVP prototypes to use "cipher" rather than "type" as a variable
Geoff Thorpe [Mon, 8 Oct 2001 17:25:42 +0000 (17:25 +0000)]
Change some EVP prototypes to use "cipher" rather than "type" as a variable
name. The implementations already use this anyway.

23 years agoEVP_EncryptInit_ex() and EVP_DecryptInit_ex() had been defined in evp.h but
Geoff Thorpe [Mon, 8 Oct 2001 17:24:10 +0000 (17:24 +0000)]
EVP_EncryptInit_ex() and EVP_DecryptInit_ex() had been defined in evp.h but
not implemented. (Bug reported by Martin Szotkowski)

This also changes the non-"_ex" versions to defer directly to
EVP_CipherInit_ex() rather than EVP_CipherInit() to avoid an unecessary
level of indirection.

23 years agoAs ENGINE_load_openbsd_dev_crypto() is an API function, it makes sense for
Geoff Thorpe [Mon, 8 Oct 2001 17:08:17 +0000 (17:08 +0000)]
As ENGINE_load_openbsd_dev_crypto() is an API function, it makes sense for
it to be defined on all platforms whether or not it is of any practical
use on them. This also resolves linker problems on "special" platforms,
such as win32.

23 years agoMake sure the "ENGINE_TABLE" cleanup callbacks have correct prototypes.
Geoff Thorpe [Mon, 8 Oct 2001 17:06:52 +0000 (17:06 +0000)]
Make sure the "ENGINE_TABLE" cleanup callbacks have correct prototypes.

23 years agoMissing pointer in the eng_table_register function. Reported by
Geoff Thorpe [Mon, 8 Oct 2001 14:44:38 +0000 (14:44 +0000)]
Missing pointer in the eng_table_register function. Reported by
Martin Szotkowski.

23 years agoSmall documentation fixes (Howard Lum <howard@pumpkin.canada.sun.com>)
Lutz Jänicke [Mon, 8 Oct 2001 08:37:24 +0000 (08:37 +0000)]
Small documentation fixes (Howard Lum <howard@pumpkin.canada.sun.com>)

23 years agoCopy evptests.txt to the right place.
Richard Levitte [Thu, 4 Oct 2001 21:15:03 +0000 (21:15 +0000)]
Copy evptests.txt to the right place.

23 years agoTypo...
Richard Levitte [Thu, 4 Oct 2001 19:25:12 +0000 (19:25 +0000)]
Typo...

23 years agoSSL_add_dir_cert_subjects_to_stack for Win32 finally implemented.
Richard Levitte [Thu, 4 Oct 2001 12:27:39 +0000 (12:27 +0000)]
SSL_add_dir_cert_subjects_to_stack for Win32 finally implemented.
Submitted by Massimo Santin <msantin@santineassociati.com>.

23 years ago'make update'
Richard Levitte [Thu, 4 Oct 2001 07:49:09 +0000 (07:49 +0000)]
'make update'

23 years agoSince ossl_typ.h is an exported header, we sure need to export it on
Richard Levitte [Thu, 4 Oct 2001 07:46:30 +0000 (07:46 +0000)]
Since ossl_typ.h is an exported header, we sure need to export it on
VMS as well :-).

23 years agoBecause there's chances we clash with the system's types.h, rename our
Richard Levitte [Thu, 4 Oct 2001 07:34:45 +0000 (07:34 +0000)]
Because there's chances we clash with the system's types.h, rename our
types.h to ossl_typ.h.
Also, it seems like krb5 was forgotten in some places.

23 years agoBecause there's chances we clash with the system's types.h, rename our
Richard Levitte [Thu, 4 Oct 2001 07:32:46 +0000 (07:32 +0000)]
Because there's chances we clash with the system's types.h, rename our
types.h to ossl_typ.h.

23 years agoUse the maximum block length for the extra size in the encrypt
Dr. Stephen Henson [Wed, 3 Oct 2001 12:47:03 +0000 (12:47 +0000)]
Use the maximum block length for the extra size in the encrypt
BIO buffer instead of hard coding it as 8.

23 years agoMake EVP_DecryptUpdate work again.
Dr. Stephen Henson [Tue, 2 Oct 2001 16:19:49 +0000 (16:19 +0000)]
Make EVP_DecryptUpdate work again.

23 years agosch isn't an array, how did this pass through gcc?
Richard Levitte [Tue, 2 Oct 2001 11:49:55 +0000 (11:49 +0000)]
sch isn't an array, how did this pass through gcc?

23 years agoA lot of things are undeclared unless x509.h is included.
Richard Levitte [Tue, 2 Oct 2001 11:06:42 +0000 (11:06 +0000)]
A lot of things are undeclared unless x509.h is included.

23 years agoHmm, everything "open" isn't necessarely "openssl" :-).
Richard Levitte [Tue, 2 Oct 2001 10:03:15 +0000 (10:03 +0000)]
Hmm, everything "open" isn't necessarely "openssl" :-).
*sigh* habit...

23 years agoWoopsie...
Richard Levitte [Mon, 1 Oct 2001 17:20:28 +0000 (17:20 +0000)]
Woopsie...

23 years ago'make update'
Richard Levitte [Mon, 1 Oct 2001 17:16:24 +0000 (17:16 +0000)]
'make update'

23 years agosk_ENGINE_CLEANUP_ITEM_pop_free() is duplicated in ENGINE_cleanup().
Richard Levitte [Mon, 1 Oct 2001 17:15:28 +0000 (17:15 +0000)]
sk_ENGINE_CLEANUP_ITEM_pop_free() is duplicated in ENGINE_cleanup().
Let's use sk_ENGINE_CLEANUP_ITEM_pop_free() instead.

23 years agoAddapt seldom compiled code to new semantics of the key schedule (not
Richard Levitte [Mon, 1 Oct 2001 17:10:10 +0000 (17:10 +0000)]
Addapt seldom compiled code to new semantics of the key schedule (not
a pointer any more).

23 years agoSome new symbols have very long names...
Richard Levitte [Mon, 1 Oct 2001 17:09:17 +0000 (17:09 +0000)]
Some new symbols have very long names...

23 years agoo_time.c contains symbols with dollar signs in them, so we must tell
Richard Levitte [Mon, 1 Oct 2001 17:08:18 +0000 (17:08 +0000)]
o_time.c contains symbols with dollar signs in them, so we must tell
the compiler not to warn about that.

23 years agoThe cleanup stack in ENGINE changed slightly, so this "make update" is
Geoff Thorpe [Mon, 1 Oct 2001 16:39:58 +0000 (16:39 +0000)]
The cleanup stack in ENGINE changed slightly, so this "make update" is
needed.

23 years agoThe STACK macros take care of casting to and from the designated item type
Geoff Thorpe [Mon, 1 Oct 2001 16:26:00 +0000 (16:26 +0000)]
The STACK macros take care of casting to and from the designated item type
of the stack, and the (void *) type used in the underlying sk_***
functions.  However, declaring a STACK_OF(type) where type is a *function*
type implicitly involves casts between function pointers and data pointers.
That's a no-no. This changes the ENGINE_CLEANUP handling to use a regular
data type in the stack.

23 years agoMake an (overdue) note about the recent ENGINE restructuring. Apart from
Geoff Thorpe [Mon, 1 Oct 2001 15:56:25 +0000 (15:56 +0000)]
Make an (overdue) note about the recent ENGINE restructuring. Apart from
a few items however, most of the details are deferred to the
crypto/engine/README file.

23 years agoMake "openssl engine -c" list any supported digests as well as supported
Geoff Thorpe [Mon, 1 Oct 2001 15:41:31 +0000 (15:41 +0000)]
Make "openssl engine -c" list any supported digests as well as supported
ciphers.

23 years agoTypos (Chris Pepper <pepper@mail.reppep.com>)
Lutz Jänicke [Mon, 1 Oct 2001 14:43:47 +0000 (14:43 +0000)]
Typos (Chris Pepper <pepper@mail.reppep.com>)

23 years agoChange HZ in speed to rely on sysconf() if the clock tick is available
Richard Levitte [Fri, 28 Sep 2001 10:34:48 +0000 (10:34 +0000)]
Change HZ in speed to rely on sysconf() if the clock tick is available
that way.  Synchronise s_time with these changes.

23 years agoENGINE_register_all_complete() will register all implementations of all
Geoff Thorpe [Fri, 28 Sep 2001 02:25:14 +0000 (02:25 +0000)]
ENGINE_register_all_complete() will register all implementations of all
algorithms present in all loaded ENGINEs. The result is that if any of
those ENGINEs successfully initialises, and the ENGINE_TABLE_FLAG_NOINIT
flag isn't set, then they will always be used (and cached as defaults) in
preference to software implementations. Ie. accidental auto-detection of
acceleration hardware :-)

This change stops all implementations being automatically registered in
"openssl" sub-commands, so that the "setup_engine()" handler in apps.c
controls which ENGINEs are registered for use. A special case has been
added that will revert to this "auto-detect" logic, ie. if the "-engine"
switch is used as;
   -engine auto

23 years agoModernise and fix (ancient) "maurice" demos.
Dr. Stephen Henson [Fri, 28 Sep 2001 01:48:34 +0000 (01:48 +0000)]
Modernise and fix (ancient) "maurice" demos.

23 years agoConstify EVP_SealInit, EVP_OpenInit
Dr. Stephen Henson [Fri, 28 Sep 2001 01:47:36 +0000 (01:47 +0000)]
Constify EVP_SealInit, EVP_OpenInit

23 years agoMake (ancient) sign.c demo compile again.
Dr. Stephen Henson [Fri, 28 Sep 2001 00:47:36 +0000 (00:47 +0000)]
Make (ancient) sign.c demo compile again.

23 years agoSupport fractional seconds in GeneralizedTime
Dr. Stephen Henson [Fri, 28 Sep 2001 00:44:44 +0000 (00:44 +0000)]
Support fractional seconds in GeneralizedTime

23 years agoSynchronise with Unixly build.
Richard Levitte [Thu, 27 Sep 2001 16:07:36 +0000 (16:07 +0000)]
Synchronise with Unixly build.

23 years agoStop thinking arguments starting with - are algorithm identifiers.
Richard Levitte [Thu, 27 Sep 2001 15:43:55 +0000 (15:43 +0000)]
Stop thinking arguments starting with - are algorithm identifiers.
Show timing parameters and timing functions used.
It looks like some Linuxen have very weird settings for CLK_TCK.  I'm
very unsure about this change and will investigate further.

23 years agoApparently, Linux is identified with __linux__ as well.
Richard Levitte [Thu, 27 Sep 2001 15:41:34 +0000 (15:41 +0000)]
Apparently, Linux is identified with __linux__ as well.

23 years ago'make update'
Richard Levitte [Wed, 26 Sep 2001 15:23:14 +0000 (15:23 +0000)]
'make update'

23 years agoThe #error message must match a very specific regexp (see mkdef.pl,
Richard Levitte [Wed, 26 Sep 2001 15:18:32 +0000 (15:18 +0000)]
The #error message must match a very specific regexp (see mkdef.pl,
currently line 470).

23 years agoDon't clean up stuff twice.
Ben Laurie [Wed, 26 Sep 2001 15:15:03 +0000 (15:15 +0000)]
Don't clean up stuff twice.

23 years agoFixes.
Ben Laurie [Wed, 26 Sep 2001 15:14:10 +0000 (15:14 +0000)]
Fixes.

23 years agoTwo changes:
Richard Levitte [Wed, 26 Sep 2001 15:06:45 +0000 (15:06 +0000)]
Two changes:

1. if there are several symbols with the same entry number, sort those
   symbols in ASCII order.
2. Do not stop reading the header files when "BEGIN ERROR CODES" is
   found, since mkerr.pl will add a function declaration after that
   comment.  Instead, trigger on "Error codes for the \w+ function",
   which is the actual start of the error code macros.

Additionally, a few more debugging printouts that helped.

23 years agoFix warning.
Ben Laurie [Wed, 26 Sep 2001 11:38:57 +0000 (11:38 +0000)]
Fix warning.

23 years ago"FALLBACK" handling was a hack that was thrown out long ago in the
Geoff Thorpe [Tue, 25 Sep 2001 21:52:39 +0000 (21:52 +0000)]
"FALLBACK" handling was a hack that was thrown out long ago in the
ENGINE redevelopment. The idea had been that "-1" could be used as a
special "ask me later" 'nid' rather than specifying supported cipher and
digest 'nid's up front. However the idea turned out to be pretty broken.

23 years agoMake update to bring in all the cipher/digest-related ENGINE changes.
Geoff Thorpe [Tue, 25 Sep 2001 21:47:27 +0000 (21:47 +0000)]
Make update to bring in all the cipher/digest-related ENGINE changes.
NB: It looks like mkdef.pl is causing certain cvs wars by continually
flipping the order of some definitions ...

23 years agoPut the cipher info back into the "openssl engine" command.
Geoff Thorpe [Tue, 25 Sep 2001 21:45:03 +0000 (21:45 +0000)]
Put the cipher info back into the "openssl engine" command.

23 years agoFiddling.
Geoff Thorpe [Tue, 25 Sep 2001 21:44:12 +0000 (21:44 +0000)]
Fiddling.

23 years agoThis change puts the original OpenBSD /dev/crypto support that was in
Geoff Thorpe [Tue, 25 Sep 2001 21:43:08 +0000 (21:43 +0000)]
This change puts the original OpenBSD /dev/crypto support that was in
crypto/evp/ into the corresponding ENGINE. This code is currently untested.

23 years agoThis change adds dummy RC4 and SHA1 support to the "openssl" ENGINE for
Geoff Thorpe [Tue, 25 Sep 2001 21:41:20 +0000 (21:41 +0000)]
This change adds dummy RC4 and SHA1 support to the "openssl" ENGINE for
testing. Because of the recent changes (see crypto/engine/README), the
"openssl" ENGINE is no longer needed nor is it loaded automatically or by
ENGINE_load_builtin_engines(). So a explicit ENGINE_load_openssl() call is
required by applications or a modification to eng_all.c before this ENGINE
will be used. This change will send output to stderr as/when its
implementations are used.

23 years agoThis changes EVP's cipher and digest code to hook via the ENGINE support.
Geoff Thorpe [Tue, 25 Sep 2001 21:37:02 +0000 (21:37 +0000)]
This changes EVP's cipher and digest code to hook via the ENGINE support.
See crypto/engine/README for details.

- it also removes openbsd_hw.c from the build (that functionality is
  going to be available in the openbsd ENGINE in a upcoming commit)

- evp_test has had the extra initialisation added so it will use (if
  possible) any ENGINEs supporting the algorithms required.

23 years agoThis change adds cipher and digest support into ENGINE using the
Geoff Thorpe [Tue, 25 Sep 2001 21:28:40 +0000 (21:28 +0000)]
This change adds cipher and digest support into ENGINE using the
ENGING_TABLE mechanism. The necessary hooks from crypto/evp/ to use this
will be committed shortly.

23 years agoindentation.
Geoff Thorpe [Tue, 25 Sep 2001 21:22:32 +0000 (21:22 +0000)]
indentation.

23 years ago"make update".
Geoff Thorpe [Tue, 25 Sep 2001 20:39:59 +0000 (20:39 +0000)]
"make update".

23 years agoMake necessary tweaks to apps/ files due to recent ENGINE surgery. See
Geoff Thorpe [Tue, 25 Sep 2001 20:35:01 +0000 (20:35 +0000)]
Make necessary tweaks to apps/ files due to recent ENGINE surgery. See
crypto/engine/README for details.

23 years agoThis commits changes to various parts of libcrypto required by the recent
Geoff Thorpe [Tue, 25 Sep 2001 20:23:40 +0000 (20:23 +0000)]
This commits changes to various parts of libcrypto required by the recent
ENGINE surgery. DH, DSA, RAND, and RSA now use *both* "method" and ENGINE
pointers to manage their hooking with ENGINE. Previously their use of
"method" pointers was replaced by use of ENGINE references. See
crypto/engine/README for details.

Also, remove the ENGINE iterations from evp_test - even when the
cipher/digest code is committed in, this functionality would require a
different set of API calls.

23 years agoThis commits the changes to STACK macros forced by recent ENGINE surgery.
Geoff Thorpe [Tue, 25 Sep 2001 20:17:15 +0000 (20:17 +0000)]
This commits the changes to STACK macros forced by recent ENGINE surgery.

23 years agoThis change replaces the ENGINE's underlying mechanics with the new
Geoff Thorpe [Tue, 25 Sep 2001 20:00:51 +0000 (20:00 +0000)]
This change replaces the ENGINE's underlying mechanics with the new
ENGINE_TABLE-based stuff - as described in crypto/engine/README.

Associated miscellaneous changes;
 - the previous cipher/digest hooks that hardwired directly to EVP's
   OBJ_NAME-based storage have been backed out. New cipher/digest support
   has been constructed and will be committed shortly.
 - each implementation defines its own ENGINE_load_<name> function now.
 - the "openssl" ENGINE isn't needed or loaded any more.
 - core (not algorithm or class specific) ENGINE code has been split into
   multiple files to increase readability and decrease linker bloat.
 - ENGINE_cpy() has been removed as it wasn't really a good idea in the
   first place and now, because of registration issues, can't be
   meaningfully defined any more.
 - BN_MOD_EXP[_CRT] support is removed as per the README.
 - a bug in enginetest.c has been fixed.

NB: This commit almost certainly breaks compilation until subsequent
changes are committed.

23 years agoSome major restructuring changes to ENGINE, including integrated cipher and
Geoff Thorpe [Tue, 25 Sep 2001 19:31:30 +0000 (19:31 +0000)]
Some major restructuring changes to ENGINE, including integrated cipher and
digest support, are on their way. Rather than having gigantic commit log
messages and/or CHANGES entries, this change to the README will serve as an
outline of what it all is and how it all works.

23 years agoFix AES CBC mode EVP_CIPHER structures: the IV length is always
Dr. Stephen Henson [Tue, 25 Sep 2001 13:49:58 +0000 (13:49 +0000)]
Fix AES CBC mode EVP_CIPHER structures: the IV length is always
16.

23 years ago'openssl rsa' etc. should include AES support in addition to DES
Bodo Möller [Tue, 25 Sep 2001 11:01:14 +0000 (11:01 +0000)]
'openssl rsa' etc. should include AES support in addition to DES

23 years ago'openssl speed' does not include AES support yet
Bodo Möller [Tue, 25 Sep 2001 10:30:15 +0000 (10:30 +0000)]
'openssl speed' does not include AES support yet

23 years ago"make update"
Geoff Thorpe [Mon, 24 Sep 2001 17:42:35 +0000 (17:42 +0000)]
"make update"

23 years agoIn case of memory problems, the va_start() wasn't cleaned with a va_end().
Richard Levitte [Mon, 24 Sep 2001 13:39:48 +0000 (13:39 +0000)]
In case of memory problems, the va_start() wasn't cleaned with a va_end().
Noticed by Thomas Klausner <wiz@danbala.ifoer.tuwien.ac.at>.

23 years agocomment
Bodo Möller [Mon, 24 Sep 2001 07:56:45 +0000 (07:56 +0000)]
comment

23 years agoignore binary
Bodo Möller [Mon, 24 Sep 2001 07:56:02 +0000 (07:56 +0000)]
ignore binary

23 years agoavoid everything resembling a magic trigraph
Bodo Möller [Mon, 24 Sep 2001 07:54:11 +0000 (07:54 +0000)]
avoid everything resembling a magic trigraph

23 years agoThe 'no-rijndael' option must define OPENSSL_NO_AES because that is
Bodo Möller [Sat, 22 Sep 2001 01:40:47 +0000 (01:40 +0000)]
The 'no-rijndael' option must define OPENSSL_NO_AES because that is
what we look for in crypto/evp.

23 years agocrypto/idea and crypto/rijndael were missing in the list of
Bodo Möller [Sat, 22 Sep 2001 01:39:51 +0000 (01:39 +0000)]
crypto/idea and crypto/rijndael were missing in the list of
directories that may have been deleted

23 years agobugfix: handle HelloRequest received during handshake correctly
Bodo Möller [Fri, 21 Sep 2001 11:18:40 +0000 (11:18 +0000)]
bugfix: handle HelloRequest received during handshake correctly

23 years agoDisable session related stuff in SSL_ST_OK case of ssl3_accept if we
Bodo Möller [Fri, 21 Sep 2001 07:01:25 +0000 (07:01 +0000)]
Disable session related stuff in SSL_ST_OK case of ssl3_accept if we
just sent a HelloRequest.

23 years agoBugfix: correct cleanup after sending a HelloRequest
Bodo Möller [Fri, 21 Sep 2001 00:04:15 +0000 (00:04 +0000)]
Bugfix: correct cleanup after sending a HelloRequest

23 years agoNew function SSL_renegotiate_pending().
Bodo Möller [Thu, 20 Sep 2001 22:54:09 +0000 (22:54 +0000)]
New function SSL_renegotiate_pending().
New option SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION.

23 years agomake update
Bodo Möller [Thu, 20 Sep 2001 22:52:19 +0000 (22:52 +0000)]
make update

23 years agofix ssl3_accept: don't call ssl_init_wbio_buffer() in HelloRequest case
Bodo Möller [Thu, 20 Sep 2001 21:37:13 +0000 (21:37 +0000)]
fix ssl3_accept: don't call ssl_init_wbio_buffer() in HelloRequest case

23 years agoFix ssl/s3_enc.c, ssl/t1_enc.c and ssl/s3_pkt.c so that we don't
Bodo Möller [Thu, 20 Sep 2001 18:35:52 +0000 (18:35 +0000)]
Fix ssl/s3_enc.c, ssl/t1_enc.c and ssl/s3_pkt.c so that we don't
reveal whether illegal block cipher padding was found or a MAC
verification error occured.

In ssl/s2_pkt.c, verify that the purported number of padding bytes is in
the legal range.

23 years agocomments
Bodo Möller [Thu, 20 Sep 2001 15:41:34 +0000 (15:41 +0000)]
comments

23 years agoChange Makefile so that it works without any additional changes
Bodo Möller [Tue, 18 Sep 2001 09:15:40 +0000 (09:15 +0000)]
Change Makefile so that it works without any additional changes
at least on Solaris